Re: [libvirt] [PATCH] tools: relax x509 Subject regexes to allow numbers and more

On Mon, Dec 10, 2018 at 04:53:27PM +0000, Daniel P. Berrangé wrote: > The virt-pki-validate tool is extracting components in the x509 > certificate Subject field. Unfortunately the regex it is is using is far > too strict, and so truncating valid data. It needs to consider ',' as a > field separator, and if that's not there take all data until the EOL. [...] > --- > tools/virt-pki-validate.in | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/tools/virt-pki-validate.in b/tools/virt-pki-validate.in > index b04680ddef..c3fadbba64 100755 > --- a/tools/virt-pki-validate.in > +++ b/tools/virt-pki-validate.in > @@ -201,14 +201,14 @@ then > echo Client certificate $LIBVIRT/clientcert.pem should be world readable > echo "as root do: chown root:root $LIBVIRT/clientcert.pem ; chmod 644 $LIBVIRT/clientcert.pem" > else > - S_ORG=`"$CERTOOL" -i --infile "$LIBVIRT/clientcert.pem" | grep Subject: | sed 's+.*O=\([a-zA-Z \._-]*\).*+\1+'` > + S_ORG=`"$CERTOOL" -i --infile "$LIBVIRT/clientcert.pem" | grep Subject: | sed 's+.*O=\([^,]*\).*+\1+'` Unrelated to this patch, nit-pick: s/S_ORG/C_ORG/ here? Because we use 'S_ORG' further below in the script for server certificate.